
No Network after removing Trojan Dropper (Sirefef.B)


  • This topic is locked
75 replies to this topic

#16 sempai

    noypi

  • Malware Response Team
  • 5,288 posts
  • Gender: Male
  • Location: 3 stars and a sun

Posted 06 March 2012 - 11:30 PM

How's the computer running now?

~Semp

You can help me continue the fight against malware by making a donation. Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 




#17 Joel R.

  • Topic Starter
  • Members
  • 71 posts

Posted 07 March 2012 - 07:53 AM

About the same. Still no LAN/internet. Anti-virus (MS Security Essentials) will not turn on.

#18 sempai


Posted 07 March 2012 - 08:19 AM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

~Semp



#19 Joel R.


Posted 07 March 2012 - 08:51 PM

Farbar Service Scanner Version: 22-02-2012
Ran by Owner (administrator) on 07-03-2012 at 19:44:47
Running from "C:\Temp\virus 2012"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2012-03-05 18:46] - [2004-08-03 23:14] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(9) Gpc(6) IPSec(8) NetBT(15) PSched(7) Tcpip(3)
0x0E0000000800000004000000010000000200000003000000050000000600000007000000090000000A0000000B0000000C0000000D0000000E000000


**** End of log ****

#20 sempai


Posted 07 March 2012 - 10:39 PM

Run OTL.
  • Copy and Paste the following code into the Custom Scan/Fixes box.

    /md5start
    ipsec.sys
    /md5stop
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file, and post them when you reply.

~Semp



#21 Joel R.


Posted 08 March 2012 - 07:54 AM

OTL logfile created on: 3/8/2012 6:44:10 AM - Run 2
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 66.32% Memory free
3.04 Gb Paging File | 2.64 Gb Available in Paging File | 86.90% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.14 Gb Total Space | 59.02 Gb Free Space | 32.40% Space Free | Partition Type: NTFS
Drive D: | 4.15 Gb Total Space | 2.41 Gb Free Space | 58.04% Space Free | Partition Type: FAT32
Drive F: | 1397.26 Gb Total Space | 1201.55 Gb Free Space | 85.99% Space Free | Partition Type: NTFS

Computer Name: KIDS-1 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/05 20:55:36 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/25 10:59:55 | 000,161,776 | ---- | M] (Bsecure Technologies, Inc.) -- C:\Program Files\Bsecure\BsecAV.exe
PRC - [2011/06/25 10:59:34 | 000,096,040 | ---- | M] (Bsecure Technologies, Inc.) -- C:\Program Files\Bsecure\BsecTray.exe
PRC - [2011/06/25 10:59:34 | 000,066,344 | ---- | M] (Bsecure Technologies, Inc.) -- C:\Program Files\Bsecure\InetCtrl.exe
PRC - [2011/06/25 10:59:34 | 000,022,824 | ---- | M] () -- C:\Program Files\Bsecure\BsecAMX.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/02 19:49:14 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/25 10:59:37 | 000,057,128 | ---- | M] () -- C:\Program Files\Bsecure\BsecZlib.dll
MOD - [2011/06/25 10:59:34 | 000,022,824 | ---- | M] () -- C:\Program Files\Bsecure\BsecAMX.exe
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/09/28 02:54:48 | 000,269,824 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/25 10:59:55 | 000,161,776 | ---- | M] (Bsecure Technologies, Inc.) [Auto | Running] -- C:\Program Files\Bsecure\BsecAV.exe -- (BsecureAV)
SRV - [2011/06/25 10:59:34 | 000,066,344 | ---- | M] (Bsecure Technologies, Inc.) [Auto | Running] -- C:\Program Files\Bsecure\InetCtrl.exe -- (Bsecure)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/21 14:09:00 | 004,208,208 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006/03/02 19:49:14 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/05 18:32:34 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/08/04 03:56:32 | 001,445,912 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | System | Stopped] -- -- (MpFilter)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/26 13:23:50 | 000,049,088 | ---- | M] (BSafe Online) [File_System | Boot | Unknown] -- C:\WINDOWS\system32\drivers\BsecFltr.sys -- (BsecureFilter)
DRV - [2010/02/05 11:40:12 | 000,021,624 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BSecACFltr.sys -- (BSecACFltr)
DRV - [2009/05/08 18:29:18 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/01/20 04:53:06 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/01 03:13:42 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/10/30 07:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/04/15 02:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/04/16 15:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/08/28 21:48:26 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/28 21:48:26 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/08/05 18:48:08 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/04/19 11:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/15 18:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/08/04 03:54:32 | 000,269,387 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2004/06/17 16:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 16:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 16:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/04/14 00:14:12 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/01/12 16:51:44 | 001,252,474 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P1120Vid.sys -- (P1120VID)
DRV - [2003/08/28 20:40:26 | 000,189,792 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/07/24 17:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/05/01 12:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.verizon.com/webmail/driver?nimlet=showmessages&view=emails
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {157D48CB-2889-4F85-ABDA-A4237DE3B95E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{157D48CB-2889-4F85-ABDA-A4237DE3B95E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{35971C31-0EA1-4C73-98AA-191AEF8BA0ED}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: F:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\discoversoan@orbiscom: C:\Program Files\Discover\SOAN [2011/05/11 12:31:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Owner\Application Data\Move Networks [2009/10/03 17:24:59 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/03/06 22:00:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Secure Online Account Numbers Helper) - {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files\Discover\SOAN\DiscoverSOANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Secure Online Account Numbers) - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files\Discover\SOAN\DiscoverSOANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [CloudCare] C:\Program Files\Bsecure\BsecTray.exe (Bsecure Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://rsvpn.raytheon.com/,DanaInfo=MK2-MSG03.raymail.ray.com,CT=java+dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://rsvpn.raytheon.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7C489CE-9887-4A53-B6CE-0E1BAF276603}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDB18F06-4FFF-458B-B81B-E166AF8EB6DF}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/13 11:20:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 21:11:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/06 21:10:33 | 004,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2012/03/06 19:59:31 | 004,428,059 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/03/05 21:53:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/05 20:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GrantPerms
[2012/03/05 20:59:39 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/03/05 18:13:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/05 18:13:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/05 18:13:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/05 18:13:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/05 18:13:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/05 18:13:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/01 21:36:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2012/02/22 22:41:12 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ifmon.dll
[2012/02/22 06:58:00 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\old netbt.sys
[2012/02/21 22:34:34 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\old ipsec.sys
[2012/02/16 16:21:19 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ping.exe
[2012/02/13 23:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2012/02/13 23:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/02/13 23:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/02/13 23:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/13 22:07:41 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\old ifmon.dll
[2012/02/12 18:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/08 02:10:07 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/06 22:00:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/06 22:00:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/06 21:52:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/06 21:12:05 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2012/03/06 21:09:52 | 004,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2012/03/06 19:52:10 | 004,428,059 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/03/05 20:55:36 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/03/05 20:55:08 | 000,304,175 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ListParts.exe
[2012/03/05 20:53:50 | 000,450,985 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GrantPerms.zip
[2012/03/05 18:55:25 | 000,441,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/05 18:55:25 | 000,071,700 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/02 17:57:46 | 000,203,776 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/19 18:02:35 | 000,001,316 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2012/02/16 21:05:30 | 000,002,570 | ---- | M] () -- C:\Documents and Settings\Owner\secedit.INTEG.RAW
[2012/02/16 16:17:00 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ping.exe
[2012/02/16 16:16:33 | 000,000,221 | ---- | M] () -- C:\Boot.bak
[2012/02/13 23:08:44 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/10 06:15:28 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 21:12:05 | 000,000,221 | ---- | C] () -- C:\Boot.bak
[2012/03/06 21:12:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/05 20:59:43 | 000,304,175 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ListParts.exe
[2012/03/05 20:59:28 | 000,450,985 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GrantPerms.zip
[2012/03/05 18:13:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/05 18:13:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/05 18:13:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/05 18:13:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/05 18:13:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/22 22:46:50 | 000,123,850 | ---- | C] () -- C:\WINDOWS\System32\MSWSOCK.DL_
[2012/02/22 22:40:39 | 000,035,722 | ---- | C] () -- C:\WINDOWS\System32\drivers\IFMON.DL_
[2012/02/22 06:56:29 | 000,024,812 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDROM.SY_
[2012/02/22 06:55:52 | 000,030,067 | ---- | C] () -- C:\WINDOWS\System32\drivers\SERIAL.SY_
[2012/02/22 06:55:11 | 000,090,324 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETBT.SY_
[2012/02/22 06:54:41 | 000,071,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\AFD.SY_
[2012/02/21 23:02:49 | 000,018,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETBIOS.SY_
[2012/02/21 22:34:04 | 000,039,596 | ---- | C] () -- C:\WINDOWS\System32\drivers\IPSEC.SY_
[2012/02/16 21:05:30 | 000,002,570 | ---- | C] () -- C:\Documents and Settings\Owner\secedit.INTEG.RAW
[2012/02/13 23:08:44 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/22 15:18:52 | 000,021,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\BSecACFltr.sys
[2011/12/24 05:43:39 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MBOoHvEv.dat
[2011/12/17 09:20:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/17 00:55:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/13 21:06:30 | 000,009,786 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\757503b3h227k826x088b6lbp6d3
[2011/12/13 21:06:30 | 000,009,786 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\757503b3h227k826x088b6lbp6d3
[2011/08/20 13:11:56 | 000,213,187 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\MMUpgrade.jpg
[2011/06/22 11:44:32 | 000,058,800 | ---- | C] () -- C:\WINDOWS\System32\ijjiPlugin2.dll
[2011/06/22 11:44:31 | 000,158,952 | ---- | C] () -- C:\WINDOWS\System32\PubPlugin.dll
[2011/06/22 11:44:31 | 000,087,472 | ---- | C] () -- C:\WINDOWS\System32\ijjiChannelingPlugin.dll
[2011/03/19 19:48:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/25 13:07:25 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/12/25 13:07:25 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/12/25 13:07:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/12/25 13:07:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/12/25 13:07:24 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/12/25 13:07:24 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/12/25 13:07:24 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/12/25 13:07:24 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/12/25 13:07:24 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/12/25 13:07:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/12/25 13:07:24 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/12/25 13:07:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/12/25 13:07:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/12/25 13:07:24 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/12/25 13:07:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/12/25 13:07:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/12/25 13:07:24 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/12/25 13:07:24 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/12/25 13:07:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

========== Custom Scans ==========


< >


< MD5 for: IPSEC.SYS >
[2008/04/13 13:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2004/08/10 13:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2004/08/03 23:14:30 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\system32\drivers\ipsec.sys

< End of report >

#22 sempai

Posted 08 March 2012 - 09:49 AM

Hi,

I will be away for 2-4 days. Let me know if it is OK for you to wait; otherwise I will ask somebody to continue the work. Thanks.


Step 1: Please download SystemLook from jpshortstuff and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook and copy and paste the following into the box:
    :file
    C:\Documents and Settings\Owner\Local Settings\Application Data\757503b3h227k826x088b6lbp6d3
    C:\Documents and Settings\All Users\Application Data\757503b3h227k826x088b6lbp6d3
  • Hit the Look button. Let it finish the scan.
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply.



Step 2: Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
    
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    "FirewallOverride"=-
    
    :Commands
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.


Step 3: Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.

~Semp


#23 Joel R.

Posted 08 March 2012 - 09:53 PM

I am including the systemlook output, but the OTL once again hung up trying to kill processes, and I had to hard reboot the system. I did not do the TDSSKiller yet since the OTL did not run.

If it is possible, I would like to continue working this problem while you are away.



SystemLook 30.07.11 by jpshortstuff
Log created at 19:13 on 08/03/2012 by Owner
Administrator - Elevation successful

========== file ==========

C:\Documents and Settings\Owner\Local Settings\Application Data\757503b3h227k826x088b6lbp6d3 - File found and opened.
MD5: 245CB44A8D75289DA3061925427C6D91
Created at 03:06 on 14/12/2011
Modified at 03:30 on 14/12/2011
Size: 9786 bytes
Attributes: --ahs--
No version information available.

C:\Documents and Settings\All Users\Application Data\757503b3h227k826x088b6lbp6d3 - File found and opened.
MD5: 245CB44A8D75289DA3061925427C6D91
Created at 03:06 on 14/12/2011
Modified at 03:30 on 14/12/2011
Size: 9786 bytes
Attributes: --ahs--
No version information available.

-= EOF =-

#24 Elise

Posted 10 March 2012 - 05:55 AM

Hello, because Sempai is not available at the moment I'll work with you from here. :)

Please skip OTL and continue with TDSSkiller.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#25 Joel R.

Posted 10 March 2012 - 11:32 AM

Well, too late...I uninstalled MBAM, SUPER AntiSpyware, and MS Security Essentials, and then OTL ran just fine. Then I ran TDSSKiller. I am posting the OTL file, and the TDSSKiller came back clean.

Thanks for picking this up!

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar search\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\\AntiVirusOverride deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\\FirewallOverride deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 373862 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2902 bytes

User: Haley
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 373862 bytes
->Java cache emptied: 25350693 bytes
->Google Chrome cache emptied: 240210279 bytes
->Flash cache emptied: 430132 bytes

User: Hayden
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

User: Holly
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 373862 bytes
->Java cache emptied: 16762524 bytes
->Google Chrome cache emptied: 92944832 bytes
->Flash cache emptied: 102764 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: Mom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 373862 bytes
->Java cache emptied: 48634931 bytes
->Google Chrome cache emptied: 200994063 bytes
->Flash cache emptied: 20095 bytes

User: NetworkService
->Temp folder emptied: 26136 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 24385 bytes

User: Owner
->Temp folder emptied: 1202 bytes
->Temporary Internet Files folder emptied: 1150281 bytes
->Java cache emptied: 40137672 bytes
->Flash cache emptied: 65685 bytes

User: Webbie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 702546 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 633744 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27886 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 639.00 mb


OTL by OldTimer - Version 3.2.35.1 log created on 03102012_064051

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#26 Elise

Posted 10 March 2012 - 11:57 AM

No problem. :) Please also run TDSSKiller and post me the log.

How are things running at this point?

regards, Elise



#27 Joel R.

Posted 10 March 2012 - 04:39 PM

15:37:28.0343 0440 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
15:37:28.0359 0440 ============================================================
15:37:28.0359 0440 Current date / time: 2012/03/10 15:37:28.0359
15:37:28.0359 0440 SystemInfo:
15:37:28.0359 0440
15:37:28.0359 0440 OS Version: 5.1.2600 ServicePack: 3.0
15:37:28.0359 0440 Product type: Workstation
15:37:28.0359 0440 ComputerName: KIDS-1
15:37:28.0359 0440 UserName: Owner
15:37:28.0359 0440 Windows directory: C:\WINDOWS
15:37:28.0359 0440 System windows directory: C:\WINDOWS
15:37:28.0359 0440 Processor architecture: Intel x86
15:37:28.0359 0440 Number of processors: 2
15:37:28.0359 0440 Page size: 0x1000
15:37:28.0359 0440 Boot type: Normal boot
15:37:28.0359 0440 ============================================================
15:37:29.0015 0440 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:37:29.0046 0440 Drive \Device\Harddisk1\DR1 - Size: 0x2E93D2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:37:29.0046 0440 \Device\Harddisk0\DR0:
15:37:29.0046 0440 MBR used
15:37:29.0046 0440 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA86702
15:37:29.0046 0440 \Device\Harddisk1\DR1:
15:37:29.0046 0440 MBR used
15:37:29.0046 0440 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x851B5F, BlocksNum 0x16C483A1
15:37:29.0046 0440 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x851B20
15:37:29.0078 0440 Initialize success
15:37:29.0078 0440 ============================================================
15:38:05.0921 0276 ============================================================
15:38:05.0921 0276 Scan started
15:38:05.0921 0276 Mode: Manual;
15:38:05.0921 0276 ============================================================
15:38:09.0937 0276 MSKSSRV - ok
15:38:09.0953 0276 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:38:09.0953 0276 MSPCLOCK - ok
15:38:09.0984 0276 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:38:09.0984 0276 MSPQM - ok
15:38:10.0031 0276 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:38:10.0031 0276 mssmbios - ok
15:38:10.0062 0276 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:38:10.0078 0276 MSTEE - ok
15:38:10.0109 0276 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:38:10.0109 0276 Mup - ok
15:38:10.0156 0276 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
15:38:10.0156 0276 mxnic - ok
15:38:10.0203 0276 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:38:10.0203 0276 NABTSFEC - ok
15:38:10.0250 0276 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:38:10.0250 0276 NDIS - ok
15:38:10.0296 0276 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:38:10.0296 0276 NdisIP - ok
15:38:10.0343 0276 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:38:10.0343 0276 NdisTapi - ok
15:38:10.0375 0276 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:38:10.0375 0276 Ndisuio - ok
15:38:10.0406 0276 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:38:10.0406 0276 NdisWan - ok
15:38:10.0437 0276 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:38:10.0437 0276 NDProxy - ok
15:38:10.0468 0276 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:38:10.0468 0276 NetBIOS - ok
15:38:10.0515 0276 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\drivers\netbt.sys
15:38:10.0515 0276 NetBT - ok
15:38:10.0562 0276 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:38:10.0562 0276 NIC1394 - ok
15:38:10.0593 0276 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:38:10.0593 0276 Npfs - ok
15:38:10.0609 0276 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:38:10.0609 0276 Ntfs - ok
15:38:10.0671 0276 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
15:38:10.0671 0276 NuidFltr - ok
15:38:10.0703 0276 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:38:10.0703 0276 Null - ok
15:38:10.0906 0276 nv (83780f3a86d2804912f22f6e37cd2254) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:38:10.0937 0276 nv - ok
15:38:11.0015 0276 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:38:11.0015 0276 NwlnkFlt - ok
15:38:11.0031 0276 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:38:11.0031 0276 NwlnkFwd - ok
15:38:11.0078 0276 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:38:11.0078 0276 ohci1394 - ok
15:38:11.0156 0276 P1120VID (db78faed7d72774df78b1a60f1618798) C:\WINDOWS\system32\DRIVERS\P1120Vid.sys
15:38:11.0156 0276 P1120VID - ok
15:38:11.0187 0276 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
15:38:11.0187 0276 P3 - ok
15:38:11.0203 0276 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:38:11.0203 0276 Parport - ok
15:38:11.0218 0276 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:38:11.0218 0276 PartMgr - ok
15:38:11.0265 0276 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:38:11.0265 0276 ParVdm - ok
15:38:11.0296 0276 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:38:11.0296 0276 PCI - ok
15:38:11.0312 0276 PCIDump - ok
15:38:11.0328 0276 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:38:11.0328 0276 PCIIde - ok
15:38:11.0375 0276 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:38:11.0375 0276 Pcmcia - ok
15:38:11.0375 0276 PDCOMP - ok
15:38:11.0390 0276 PDFRAME - ok
15:38:11.0406 0276 PDRELI - ok
15:38:11.0421 0276 PDRFRAME - ok
15:38:11.0468 0276 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:38:11.0468 0276 perc2 - ok
15:38:11.0484 0276 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:38:11.0484 0276 perc2hib - ok
15:38:11.0531 0276 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:38:11.0531 0276 PptpMiniport - ok
15:38:11.0546 0276 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:38:11.0546 0276 Processor - ok
15:38:11.0562 0276 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:38:11.0578 0276 PSched - ok
15:38:11.0625 0276 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:38:11.0625 0276 Ptilink - ok
15:38:11.0671 0276 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:38:11.0671 0276 PxHelp20 - ok
15:38:11.0687 0276 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:38:11.0687 0276 ql1080 - ok
15:38:11.0703 0276 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:38:11.0703 0276 Ql10wnt - ok
15:38:11.0718 0276 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:38:11.0718 0276 ql12160 - ok
15:38:11.0734 0276 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:38:11.0734 0276 ql1240 - ok
15:38:11.0734 0276 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:38:11.0734 0276 ql1280 - ok
15:38:11.0765 0276 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:38:11.0765 0276 RasAcd - ok
15:38:11.0812 0276 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:38:11.0812 0276 Rasl2tp - ok
15:38:11.0828 0276 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:38:11.0828 0276 RasPppoe - ok
15:38:11.0843 0276 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:38:11.0843 0276 Raspti - ok
15:38:11.0859 0276 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:38:11.0859 0276 Rdbss - ok
15:38:11.0890 0276 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:38:11.0890 0276 RDPCDD - ok
15:38:11.0906 0276 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:38:11.0906 0276 rdpdr - ok
15:38:11.0937 0276 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:38:11.0937 0276 RDPWD - ok
15:38:11.0984 0276 RTL8023xp (e9877aa069dc11b03dbd1d33b8b2a3ca) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
15:38:11.0984 0276 RTL8023xp - ok
15:38:12.0031 0276 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
15:38:12.0031 0276 RTLE8023xp - ok
15:38:12.0078 0276 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:38:12.0078 0276 Secdrv - ok
15:38:12.0125 0276 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:38:12.0125 0276 Serenum - ok
15:38:12.0140 0276 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:38:12.0140 0276 Sfloppy - ok
15:38:12.0156 0276 Simbad - ok
15:38:12.0203 0276 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:38:12.0203 0276 sisagp - ok
15:38:12.0281 0276 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:38:12.0281 0276 SLIP - ok
15:38:12.0343 0276 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:38:12.0343 0276 Sparrow - ok
15:38:12.0390 0276 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:38:12.0390 0276 splitter - ok
15:38:12.0406 0276 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:38:12.0406 0276 sr - ok
15:38:12.0437 0276 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:38:12.0437 0276 Srv - ok
15:38:12.0468 0276 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:38:12.0468 0276 streamip - ok
15:38:12.0515 0276 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys
15:38:12.0531 0276 SunkFilt - ok
15:38:12.0578 0276 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:38:12.0578 0276 swenum - ok
15:38:12.0593 0276 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:38:12.0593 0276 swmidi - ok
15:38:12.0656 0276 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:38:12.0656 0276 symc810 - ok
15:38:12.0671 0276 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:38:12.0671 0276 symc8xx - ok
15:38:12.0703 0276 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:38:12.0703 0276 sym_hi - ok
15:38:12.0718 0276 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:38:12.0734 0276 sym_u3 - ok
15:38:12.0781 0276 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:38:12.0781 0276 sysaudio - ok
15:38:12.0828 0276 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:38:12.0843 0276 Tcpip - ok
15:38:12.0875 0276 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:38:12.0875 0276 TDPIPE - ok
15:38:12.0937 0276 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:38:12.0937 0276 TDTCP - ok
15:38:12.0953 0276 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:38:12.0953 0276 TermDD - ok
15:38:12.0984 0276 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:38:12.0984 0276 TosIde - ok
15:38:13.0031 0276 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
15:38:13.0031 0276 tunmp - ok
15:38:13.0062 0276 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:38:13.0062 0276 Udfs - ok
15:38:13.0078 0276 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:38:13.0078 0276 ultra - ok
15:38:13.0125 0276 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:38:13.0125 0276 Update - ok
15:38:13.0187 0276 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:38:13.0187 0276 USBAAPL - ok
15:38:13.0234 0276 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:38:13.0234 0276 usbccgp - ok
15:38:13.0296 0276 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:38:13.0296 0276 usbehci - ok
15:38:13.0328 0276 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:38:13.0328 0276 usbhub - ok
15:38:13.0359 0276 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:38:13.0359 0276 usbohci - ok
15:38:13.0375 0276 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:38:13.0375 0276 usbprint - ok
15:38:13.0406 0276 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:38:13.0406 0276 usbscan - ok
15:38:13.0437 0276 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:38:13.0437 0276 USBSTOR - ok
15:38:13.0453 0276 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:38:13.0453 0276 VgaSave - ok
15:38:13.0468 0276 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:38:13.0468 0276 viaagp - ok
15:38:13.0484 0276 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:38:13.0484 0276 ViaIde - ok
15:38:13.0500 0276 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:38:13.0500 0276 VolSnap - ok
15:38:13.0546 0276 vsdatant (d658e49302c382b88c8e9a08e20b2e82) C:\WINDOWS\system32\vsdatant.sys
15:38:13.0546 0276 vsdatant - ok
15:38:13.0562 0276 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:38:13.0562 0276 Wanarp - ok
15:38:13.0609 0276 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
15:38:13.0609 0276 wanatw - ok
15:38:13.0671 0276 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:38:13.0671 0276 Wdf01000 - ok
15:38:13.0687 0276 WDICA - ok
15:38:13.0734 0276 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:38:13.0734 0276 wdmaud - ok
15:38:13.0843 0276 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:38:13.0859 0276 winachsf - ok
15:38:13.0906 0276 WpdUsb (f6c0eb46c66c7be80f22115ecb44b1f0) C:\WINDOWS\system32\Drivers\wpdusb.sys
15:38:13.0906 0276 WpdUsb - ok
15:38:13.0937 0276 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:38:13.0937 0276 WS2IFSL - ok
15:38:13.0984 0276 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:38:13.0984 0276 WSTCODEC - ok
15:38:14.0000 0276 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:38:14.0000 0276 \Device\Harddisk0\DR0 - ok
15:38:14.0031 0276 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk1\DR1
15:38:14.0062 0276 \Device\Harddisk1\DR1 - ok
15:38:14.0062 0276 Boot (0x1200) (e46acde1ffc9f5d12cdff6c06151a020) \Device\Harddisk0\DR0\Partition0
15:38:14.0062 0276 \Device\Harddisk0\DR0\Partition0 - ok
15:38:14.0078 0276 Boot (0x1200) (04c461313e7d1920010796ee4dbf0b9d) \Device\Harddisk1\DR1\Partition0
15:38:14.0078 0276 \Device\Harddisk1\DR1\Partition0 - ok
15:38:14.0093 0276 Boot (0x1200) (ca5c5c415fb5eab2934d3877ae4fe7cf) \Device\Harddisk1\DR1\Partition1
15:38:14.0093 0276 \Device\Harddisk1\DR1\Partition1 - ok
15:38:14.0093 0276 ============================================================
15:38:14.0093 0276 Scan finished
15:38:14.0093 0276 ============================================================
15:38:14.0093 3024 Detected object count: 0
15:38:14.0093 3024 Actual detected object count: 0

#28 Joel R.

Posted 10 March 2012 - 04:41 PM

Computer still has no LAN/internet connection, even though the Network Connections says that it does.

#29 Joel R.

Posted 10 March 2012 - 07:41 PM

I will be unavailable until 3/17. I will check back in then.

Thanks!

#30 Elise

Posted 11 March 2012 - 02:35 AM

No problem, in case this topic gets closed, please send me a PM to have it reopened!

When you get back can you please post me a new FSS log?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




